GH-500 : GitHub Advanced Security



  Intermediate

Regular Price: $600.00
Offer Price: $499.00

Course Overview

GitHub Advanced Security (GHAS) plays a crucial role in enhancing the security posture of software development projects on GitHub. It provides a comprehensive set of tools and features designed to identify and address security vulnerabilities throughout the development lifecycle. By integrating security directly into the development process with GHAS, your team can build more secure and reliable software. The course will explore how to utilize GHAS to maximize security impact and understand GHAS and its role in the security ecosystem.

Course Outline

Learning Path 1: GitHub Advanced Security

  • Define GHAS and the importance of the integral features such as Secret scanning, Code scanning, and Dependabot

  • Explore how to utilize GHAS to maximize security impact

  • Understand GHAS and its role in the security ecosystem

Learning Path 2: Configure Dependabot security updates on your GitHub repo

  • Describe the dependency graph and how to export a Software Bill of Materials (SBOM).

  • Identify the permissions and roles required to view and enable Dependabot alerts.

  • Enable and configure Dependabot alerts and security updates.

  • Create and configure the dependency review workflow.

  • Identify, review, and address vulnerable dependencies.

  • Describe the available tools for managing vulnerable dependencies on GitHub.

Learning Path 3: Configure and use secret scanning in your GitHub repository

  • How secret scanning works and to whom it's available.

  • How to prevent secret leaks by enabling push protection.

  • How to enable secret scanning on your repository.

  • How to configure secret scanning according to your use case.

  • How to use secret scanning efficiently.

Learning Path 4: Configure code scanning on GitHub

  • Describe code scanning.

  • List the steps for enabling code scanning in a repository.

  • Implement CodeQL analysis in a GitHub Actions workflow and in continuous integration (CI) tools.

  • Explain how to configure code scanning on a repository using triggering events.

  • Contrast the frequency of code scanning workflows (scheduled vs triggered by events).

Learning Path 5: Identify security vulnerabilities in your codebase by using CodeQL

  • Install the CodeQL command-line interface (CLI) from the page for GitHub CodeQL releases.

  • Create a database by using CodeQL to extract a single relational representation of each source file in the codebase.

  • Run CodeQL on a database to find problems and potential security vulnerabilities in your source code.

  • Analyze CodeQL scan results by using GitHub-created queries or your own custom queries.

Learning Path 6: Code scanning with GitHub CodeQL

  • Understand CodeQL and how it analyzes code.

  • Understand QL, a unique logic programming language.

  • Set up CodeQL-based code scanning in a GitHub repository.

  • Reference a custom CodeQL query.

  • Configure the language matrix in a CodeQL workflow.

  • Learn how to use the CodeQL CLI to generate code scanning results and upload them to GitHub.

  • Implement custom build steps.

Learning Path 7: GitHub administration for GitHub Advanced Security

  • Learn about the different GitHub Advanced Security features and their availability.

  • How to enable GitHub Advanced Security according to your enterprise plan.

  • How to manage access to the different GitHub Advanced Security features.

  • How GitHub Advanced Security lets you manage security alerts.

Learning Path 8: Manage sensitive data and security policies within GitHub

  • Create documentation that details security guidelines and useful information for collaborators.

  • Set permissions and other rules.

  • Manage repository rulesets.

  • Automate processes that prevent security risks.

  • Respond to sensitive data exposure.

  • Export audit log records and git events.

Course Objectives

By the end of this course, learners will be able to:

  • Understand the features and benefits of GitHub Advanced Security (GHAS)

  • Configure and manage dependency security using Dependabot

  • Implement secret scanning to detect and prevent exposure of sensitive data

  • Configure and use code scanning with CodeQL to identify vulnerabilities

  • Analyze and interpret security alerts and scan results

  • Apply and enforce security policies across repositories and organizations

  • Integrate security practices into CI/CD workflows

  • Improve DevSecOps practices by embedding security into development pipelines

Pre-requisites

Before taking this course, learners should have:

  • A GitHub account and familiarity with GitHub fundamentals

  • Basic understanding of Git operations (clone, commit, push)

  • Familiarity with software development workflows and CI/CD concepts

For any custom schedule, please email us at info@gtechlearn.com or call us at 1-844-355-9898 (Toll Free - North America) or 1800 212 9096 (Toll Free - India).


This course includes:

  • Official MS Learn Courseware
  • Exam Preps
  • Achievement Badge from Microsoft
  • Course Completion Certificate
  • Post Training Support
  • Experienced & Certified Instructors
  • Train from Anywhere
  • Interactive Hands-On Labs
  • Personalized Learning Plans
  • Flexible Scheduling
  • Accredited Training
  • Cost-Effective Pricing
